Cursor Path Vector Analysis for Detecting Click Fraud

1. A method for detecting click fraud comprising: tracking at least a portion of a path of movement of a cursor on a web page prior to a click by a controller of the cursor on an advertisement on the web page, the tracking being performed by client code on a client device displaying the web page; determining that the path of the movement of the cursor comprises a set of vectors; detecting a possible click fraud attempt based on a level of variability of at least a slope between vectors of at least a subset of the set of vectors representing at least the portion of the path of movement of the cursor; receiving the click on the advertisement on the web page; and denying the click on the advertisement in response to the level of variability of at least the slope between vectors of at least the subset of the set of vectors being indicative of the possible click fraud attempt.

2. The method according to claim 1 , further comprising analyzing by the client code a pattern in at least the subset of the set of vectors to determine if the cursor movement is human-like.

3. The method according to claim 2 , further comprising detecting by the client code the possible click fraud attempt if the cursor movement is not human-like.

4. The method according to claim 2 , further comprising analyzing by the client code the pattern by looking at each vector of at least the subset of the set vectors and determining if consistency exists between any of the vectors of at least the subset of the set of vectors.

5. The method according to claim 2 , further comprising determining by the client code a confidence factor indicative of there not being the possible click fraud attempt based on the variability of at least the slope between the vectors of at least the subset of vectors being randomly different slopes.

6. The method according to claim 1 , further comprising determining a confidence factor indicative of the possible click fraud attempt in response to the path of the movement of the cursor defining a straight line.

7. The method according to claim 1 , further comprising: storing by the client device the set of vectors associated with the path of movement by the cursor; and comparing by the client code at least the subset of the stored set of vectors with previously stored vectors, a result of the comparison being useable to detect the possible click fraud attempt.

8. The method according to claim 7 , further comprising detecting by the client code the possible click fraud attempt in response to at least the subset of the stored set of vectors being analogous to the previously stored vectors.

9. The method according to claim 1 , further comprising generating by the client code a hash code for each vector of the set of vectors associated with the path, storing by the client each generated hash code as a hash sequence associated with the path, and comparing by the client code the stored hash sequence with previously stored hash sequences, a result of the comparison being useable to determine the possible click fraud attempt.

10. The method according to claim 9 , further comprising detecting by the client code the possible click fraud attempt in response to the stored hash sequence being analogous to at least one of the previously stored hash sequences.

11. A device comprising: a processor; a network interface associated with the processor, the network interface providing access to a network for accessing a web page containing an advertisement; client code, operating on the processor, the client code being configured to: track movement of a cursor on the web page prior to a click by a controller of the cursor on the advertisement on the web page; determine that a path of the movement of the cursor comprises a set of vectors; detect a possible click fraud attempt based on a level of variability of at least a slope between vectors of at least a subset of the set of vectors representing at least a portion of the path of movement of the cursor; receive a click on the advertisement on the web page; and deny the click on the advertisement in response to the level of variability of at least the slope between vectors of at least the subset of the set vectors being indicative of the possible click fraud attempt.

12. The device according to claim 11 , wherein the device stores the set of vectors associated with the path, the client code being further configured to compare at least the subset of vectors of the stored set of vectors with previously stored vectors, a result of the comparison being useable to detect the possible click fraud attempt.

13. The device according to claim 12 , wherein the client code is further configured to detect the possible click fraud attempt in response to at least the subset of vectors of the stored set of vectors being analogous to at least one of the previously stored vectors.

14. The device according to claim 11 , wherein the client code generates a hash code for each vector of the set of vectors associated with the path, stores each generated hash code as a hash sequence associated with the path, and compares the stored hash sequence with previously stored hash sequences, a result of the comparison being useable to determine the possible click fraud attempt.

15. The device according to claim 14 , wherein the client code detects a click fraud in response to the stored hash sequence being analogous to at least one of the previously stored hash sequences.

16. A computer program product comprising a non-transitory computer useable storage medium having computer useable program code embodied therewith, the computer useable program code comprising: computer useable program code configured to track movement of a cursor on a web page prior to a click by a controller of the cursor on an advertisement on the web page; computer useable program code configured to determine that a path of the movement of the cursor comprises a set of vectors; computer useable program code configured to detect a possible click fraud attempt based on a level of variability of at least a slope between vectors of at least a subset of the set of vectors representing at least the portion of the path of movement of the cursor; computer useable program code configured to receive the click on the advertisement on the web page; and computer useable program code configured to deny the click on the advertisement in response to the level of variability of at least the slope between vectors of at least the subset of the set of vectors being indicative of the possible click fraud attempt.

17. The computer program product according to claim 16 , further comprising computer useable program code configured to: store the set of vectors associated with the path; compare at least the subset of the stored set of vectors with previously stored vectors associated with the path; and detect the click fraud attempt in response to at least the subset of the stored set of vectors being analogous to at least one of the previously stored vectors.

18. The computer program product according to claim 16 , further comprising computer useable program code configured to generate a hash code for each vector of the set of vectors associated with the path, store each generated hash code as a hash sequence associated with the path, compare the stored hash sequence with previously stored hash sequences, and detect the possible click fraud attempt in response to if the stored has hash sequence is being analogous to at least one of the previously stored hash sequences.

19. The method of claim 1 , further comprising: normalizing the path of movement of the cursor; comparing at least the subset of vectors to previously stored vectors of cursor movement; determining the subset of vectors to be analogous to the previously stored vectors in response to the subset of vectors and the previously stored vectors overlapping by a set minimum number of pixels; determining a confidence level based on an overlap between the subset of vectors and the previously stored vectors; and using the confidence level in detecting the possible click fraud attempt.